Re: [otrs] CAS single sign on with perl authcas module

Hello, Well, I was using BasicAuth inside a single virtualhost, and wanted to have diferent auth behaviors for the customer and agent backend. This would be easier achieved with an authmodule developped for otrs, wouldn't it ? So I wrote a small contribution in that goal (see http://bugs.otrs.org/show_bug.cgi?id=7467) which works quite well, although the gateway mode isn't handled as I wish by otrs. (see my other recent question about 2 customer auth backends, first one being HTTPBasicAuth) Regards, Mikael Kermorgant On Sun, Jul 3, 2011 at 8:47 PM, Michiel Beijen wrote:

Hi Mikael,

If you want to authenticate with CAS you only need to configure Apache to use mod_auth_cas (see https://wiki.jasig.org/display/CASC/mod_auth_cas) .

When you have that set up you then can simply use the BasicAuth authentication for OTRS. We have multiple customers that are using this with good results. There's nothing that you should need to hack in OTRS for this.

If you want you can contact us for commercial support. -- Michiel Beijen Senior Consultant

OTRS BV Schipholweg 103 2316 XC  Leiden The Netherlands

T: +31 71 8200 255 F: +31 71 8200 254 I:  http://www.otrs.com

Increase efficiency up to 30% - get OTRS Help Desk 3.0: http://www.otrs.com/

On Sat, Jul 2, 2011 at 23:59, Mikael Kermorgant wrote:

...

Hello, I have setup otrs 3.0.5 with single sign on based on apache and mod_cas. As this could be a problem when having different authentication scenarios for agents and customers, I have tried to setup a CAS auth module by copy/pasting code snippets here and there (I don't know perl...). I think I'm almost there but I have an annoying bug I'm asking help for now. I have created a CAS.pm file in  /opt/otrs/Kernel/System/CustomerAuth ==== use CGI; use AuthCAS; use CGI; use CGI::Carp qw( fatalsToBrowser ); ... sub Auth {     my ( $Self, %Param ) = @_;     my $cas = new AuthCAS(casUrl => 'https://sso.paris.iufm.fr/cas');     my $app_url = 'http://support.paris.iufm.fr/otrs/customer.pl';     unless ($ENV{QUERY_STRING} =~ /ticket=/) {     ###     ### Redirect the User for login at CAS     ###       my $login_url = $cas->getServerLoginURL($app_url);       printf "Location: $login_url\n\n";       exit 0;     }     $ENV{QUERY_STRING} =~ /ticket=([^&]+)/; my $ST = $1;     my $User = $cas->validateST($app_url, $ST);     # return user     return $User; } ============ The problem is with the line "unless ($ENV{QUERY_STRING} =~ /ticket=/) {". It seems the $ENV{QUERY_STRING} is empty (not tested but I end in an infinite loop, due to falling in this condition evrytime) Would somebody have an idea about how to fix this check ? Regards, -- Mikael Kermorgant

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

-- Mikael Kermorgant